We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-27459

CVE-2025-27459



Description

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Reserved 2025-02-26 | Published 2025-07-03 | Updated 2025-07-03 | Assigner SICK AG


MEDIUM: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-257 Storing Passwords in a Recoverable Format

Product status

Default status
affected

vers:all/*
affected

References

www.endress.com

sick.com/psirt

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

sick.com/psirt vendor-advisory

www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf vendor-advisory

cve.org (CVE-2025-27459)

nvd.nist.gov (CVE-2025-27459)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-27459

Support options

Helpdesk Chat, Email, Knowledgebase